Abstract

Biometric Authentication Protocols (\(\mathsf {BAP}\)s) have increasingly been employed to guarantee reliable access control to places and services. However, it is well-known that biometric traits contain sensitive information of individuals and if compromised could lead to serious security and privacy breaches. Yasuda et al. [23] proposed a distributed privacy-preserving \(\mathsf {BAP}\) which Abidin et al. [1] have shown to be vulnerable to biometric template recovery attacks under the presence of a malicious computational server. In this paper, we fix the weaknesses of Yasuda et al.’s \(\mathsf {BAP}\) and present a detailed instantiation of a distributed privacy-preserving \(\mathsf {BAP}\) which is resilient against the attack presented in [1]. Our solution employs Backes et al.’s [4] verifiable computation scheme to limit the possible misbehaviours of a malicious computational server.